SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR PREVENTING COMMUNICATION OF UNWANTED NETWORK TRAFFIC BY HOLDING ONLY A LAST PORTION OF THE NETWORK TRAFFIC

US 20150096030A1
Filed: 12/09/2014
Published: 04/02/2015
Est. Priority Date: 10/05/2009
Status: Abandoned Application

First Claim

Patent Images

1. An intrusion protection system, comprising:

a server, comprising;

a processor;

a network interface, coupled to the processor; and

a memory coupled to the processor, on which are stored instructions, comprising instructions that when executed cause the processor to;

receive via the network interface an initial portion of a file being transferred to a destination;

forward the initial portion of the file to the destination;

receive via the network interface a final portion of the file;

determine identifying information regarding the file;

query a file reputation database for a determination of whether the file is wanted or unwanted using the identifying information; and

refuse to forward the final portion of the file to the destination responsive to a determination that the file is unwanted.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for preventing communication of unwanted network traffic by holding only a last portion of the network traffic. In use, network traffic associated with a file transfer is received. Additionally, only a last portion of the network traffic associated with the file transfer is held for determining whether the file is unwanted. Further, the last portion of the network traffic associated with the file transfer is conditionally forwarded to a destination device, based on the determination.

Citations

20 Claims

1. An intrusion protection system, comprising:
- a server, comprising;
  
  a processor;
  
  a network interface, coupled to the processor; and
  
  a memory coupled to the processor, on which are stored instructions, comprising instructions that when executed cause the processor to;
  
  receive via the network interface an initial portion of a file being transferred to a destination;
  
  forward the initial portion of the file to the destination;
  
  receive via the network interface a final portion of the file;
  
  determine identifying information regarding the file;
  
  query a file reputation database for a determination of whether the file is wanted or unwanted using the identifying information; and
  
  refuse to forward the final portion of the file to the destination responsive to a determination that the file is unwanted.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The intrusion protection system of claim 1, wherein the final portion of the file comprises a predetermined number of final packets.
  - 3. The intrusion protection system of claim 1, wherein the instructions further comprise instructions that when executed cause the processor to:
    - identify the final portion of the file by comparing a size of the file to a size of all received portions of the file.
  - 4. The intrusion protection system of claim 1, wherein the identifying information includes a hash of the file.
  - 5. The intrusion protection system of claim 1, wherein the instructions further comprise instructions that when executed cause the server to receive a response from the file reputation database indicating the file is unwanted.
  - 6. The intrusion protection system of claim 1, wherein the instructions further comprise instructions that when executed cause the server to read a network header associated with the file.
  - 7. The intrusion protection system of claim 1, wherein the server further comprises:
    - a second network interface,wherein the instructions that when executed cause the processor to forward the initial portion of the file to the destination comprise instructions that cause the processor to forward the initial portion of the file via the second network interface.

8. A machine readable medium, on which are stored instructions that when executed cause a server to:
- receive via a network interface an first portion of a file being transferred to a destination through the server;
  
  forward the first portion of the file to the destination;
  
  receive via the network interface a last portion of the file;
  
  determine identifying information regarding the file;
  
  determine whether the file is wanted or unwanted using the identifying information; and
  
  prevent forwarding of the last portion of the file to the destination responsive to a determination that the file is unwanted.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The machine readable medium of claim 8, wherein the last portion of the file is a plurality of final packets.
  - 10. The machine readable medium of claim 8, wherein the instructions further comprise instructions that when executed cause the server to identify the last portion of the file by comparing a size of the file to a size of all received portions of the file.
  - 11. The machine readable medium of claim 8, wherein the information regarding the file comprises a hash of the file.
  - 12. The machine readable medium of claim 8, wherein the instructions that when executed cause the server to determine whether the file is wanted or unwanted comprise instructions that when executed cause the server to query a file reputation database.
  - 13. The machine readable medium of claim 12, wherein the instructions that cause the server to query the file reputation database comprise instructions that when executed cause the server to send the identifying information to a file reputation database server.

14. A method of preventing delivery of malware, comprising:
- receiving by a server via a network interface an first portion of a file;
  
  forwarding by the server the first portion of the file to a destination for the file;
  
  receiving by the server via the network interface a second portion of the file;
  
  obtaining file identification information;
  
  determining whether the file contains malware using the file identification information; and
  
  preventing forwarding by the server of the second portion of the file to the destination responsive to a determination that the file contains malware.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the second portion of the file comprises one or more packets.
  - 16. The method of claim 14 further comprising identifying the second portion of the file by comparing a size of the file to a size of all received portions of the file.
  - 17. The method of claim 14, wherein the file identification information comprises a hash of the file.
  - 18. The method of claim 14, wherein determining whether the file contains malware comprises querying a file reputation database.
  - 19. The method of claim 18, wherein determining whether the file contains malware further comprises obtaining a result from the file reputation database, the result responsive to a comparison of the file identification information with data regarding known malware.
  - 20. The method of claim 14, further comprising reading a network header associated with the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Zhu, Ge, Bu, Zheng

Application Number

US14/564,498
Publication Number

US 20150096030A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

H04L 63/0245   Filtering by information in...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR PREVENTING COMMUNICATION OF UNWANTED NETWORK TRAFFIC BY HOLDING ONLY A LAST PORTION OF THE NETWORK TRAFFIC

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR PREVENTING COMMUNICATION OF UNWANTED NETWORK TRAFFIC BY HOLDING ONLY A LAST PORTION OF THE NETWORK TRAFFIC

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links